HP Integrated Lights-Out 2 User Guide
Table Of Contents
- HP Integrated Lights-Out 2 User Guide
- Contents
- 1 Overview
- 2 Setting up iLO 2
- 3 Configuring iLO 2
- iLO 2 configuration overview
- Upgrading iLO 2 firmware
- Licensing
- User administration
- Configuring iLO 2 access
- Security
- Network
- SNMP/Insight Manager settings
- ProLiant BL p-Class configuration
- 4 Using iLO 2
- System status and status summary information
- iLO 2 Remote Console
- Remote Console overview and licensing options
- Remote Console settings
- IRC Fullscreen
- Integrated Remote Console option
- Multi-user access to the Integrated Remote Console
- Using Console Capture
- Using HP iLO Video Player
- Acquiring the Remote Console
- Remote Console
- Text-based remote console overview
- Virtual media
- Power management
- ProLiant BL p-Class Advanced management
- ProLiant BladeSystem HP Onboard Administrator
- 5 Directory services
- Overview of directory integration
- Benefits of directory integration
- Advantages and disadvantages of schema-free directories and HP schema directory
- Setting up Schema-free directory integration
- Setting up HP schema directory integration
- Features supported by HP schema directory integration
- Setting up directory services
- Schema documentation
- Directory services support
- Schema required software
- Schema installer
- Management snap-in installer
- Directory services for Active Directory
- Active Directory installation prerequisites
- Installing Active Directory on Windows Server 2008
- Directory services preparation for Active Directory
- Snap-in installation and initialization for Active Directory
- Example: Creating and configuring directory objects for use with iLO 2 in Active Directory
- Directory services objects
- Active Directory Lights-Out management
- Directory services for eDirectory
- User login using directory services
- Directory-enabled remote management
- HPQLOMIG directory migration utility
- Introduction to HPQLOMIG utility
- Compatibility
- HP Lights-Out directory package
- Using HPQLOMIG
- Finding management processors
- Upgrading firmware on management processors
- Selecting a directory access method
- Naming management processors
- Configuring directories when HP Extended schema is selected
- Configuring directories when schema-free integration is selected
- Setting up management processors for directories
- Directory services schema
- 6 HP Systems Insight Manager integration
- 7 Troubleshooting iLO 2
- iLO 2 POST LED indicators
- Event log entries
- Hardware and software link-related issues
- JVM support
- Login issues
- Login name and password not accepted
- Directory user premature logout
- iLO 2 Management Port not accessible by name
- iLO 2 RBSU unavailable after iLO 2 and server reset
- Inability to access the login page
- Inability to access iLO 2 using Telnet
- Inability to access virtual media or graphical remote console
- Inability to connect to iLO 2 after changing network settings
- Inability to connect to the iLO 2 Diagnostic Port
- Inability to connect to the iLO 2 processor through the NIC
- Inability to log in to iLO 2 after installing the iLO 2 certificate
- Firewall issues
- Proxy server issues
- Two-factor authentication error
- Troubleshooting alert and trap issues
- Troubleshooting directory issues
- Troubleshooting Remote Console issues
- Remote Console applet has a red X when running Linux client browser
- Inability to navigate the single cursor of the Remote Console to corners of the Remote Console window
- Remote Console no longer opens on the existing browser session
- Remote console text window not updating properly
- Remote Console turns gray or black
- Remote Serial Console troubleshooting
- Troubleshooting Integrated Remote Console issues
- Internet Explorer 7 and a flickering remote console screen
- Configuring Apache to accept exported capture buffers
- No console replay while server is powered down
- Skipping information during boot and fault buffer playback
- Out of Memory error starting Integrated Remote Console
- Session leader does not receive connection request when IRC is in replay mode
- Keyboard LED does not display correctly
- Inactive IRC
- IRC Failed to connect to server error message
- IRC toolbar icons do not update
- GNOME interface does not lock
- Repeating keys on the Remote Console
- Remote Console playback does not work when the host server is powered off
- Troubleshooting SSH and Telnet issues
- Troubleshooting terminal services issues
- Troubleshooting video and monitor issues
- Troubleshooting Virtual Media issues
- Troubleshooting iLO Video Player issues
- Troubleshooting Remote Text Console issues
- Troubleshooting miscellaneous issues
- Cookie sharing between browser instances and iLO 2
- Inability to access ActiveX downloads
- Inability to get SNMP information from HP SIM
- Incorrect time or date of the entries in the event log
- Inability to upgrade iLO 2 firmware
- iLO 2 network flash recovery
- Recovering from a bad iLO 2 flash image using network flash recovery
- Recovering from a bad iLO 2 flash image using the HP Smart Update Firmware DVD
- The iLO 2 firmware does not respond to SSL requests
- Testing SSL
- Resetting iLO 2
- Server name still present after ERASE utility is executed
- Troubleshooting a remote host
- 8 Technical support
- Acronyms and abbreviations
- Index
NOTE: When directories are enabled, access to a particular iLO 2 is based on whether the user
has read access to a Role object that contains the corresponding iLO 2 object. This includes but
is not limited to the members listed in the role object. If the Role is set up to allow inheritable
permissions to propagate from a parent, then members of the parent which have read access
privileges will also have access to iLO 2. To view the access control list, navigate to Users and
Computers, open the properties screen for the Role object and select the Security tab.
For step-by-step instructions on how to create network and time restrictions on a role, see “Active
Directory role restrictions” (page 147) or “eDirectory Role Restrictions” (page 154).
Role time restrictions
Administrators can place time restrictions on LOM roles. Users are granted the rights specified for
the LOM devices listed in the role, only if they are members of the role and meet the time restrictions
for that role.
LOM devices use local host time to enforce time restrictions. If the LOM device clock is not set, the
role time restriction fails unless no time restrictions are specified on the role.
Role-based time restrictions can only be satisfied if the time is set on the LOM device. The time is
normally set when the host is booted, and it is maintained by running the agents in the host operating
system, which allows the LOM device to compensate for leap year and minimize clock drift with
respect to the host. Events, such as unexpected power loss or flashing LOM firmware, can cause
the LOM device clock to not be set. Also, the host time must be correct for the LOM device to
preserve time across firmware flashes.
Role address restrictions
Role address restrictions are enforced by the LOM firmware, based on the client's IP network
address. When the address restrictions are met for a role, the rights granted by the role apply.
Address restrictions can be difficult to manage if access is attempted across firewalls or through
network proxies. Either of these mechanisms can change the apparent network address of the
client, causing the address restrictions to be enforced in an unexpected manner.
User restrictions
You can restrict access using address or time restrictions.
User address restrictions
Administrators can place network address restrictions on a directory user account, and these
restrictions are enforced by the directory server. Refer to the directory service documentation for
details on the enforcement of address restrictions on LDAP clients, such as a user logging in to a
LOM device.
Network address restrictions placed on the user in the directory might not be enforced in the
expected manner if the directory user logs in through a proxy server. When a user logs in to a
LOM device as a directory user, the LOM device attempts authentication to the directory as that
user, which means that address restrictions placed on the user account apply when accessing the
LOM device. However, because the user is proxied at the LOM device, the network address of
the authentication attempt is that of the LOM device, not that of the client workstation.
IP address range restrictions
IP address range restrictions enable the administrator to specify network addresses that are granted
or denied access by the restriction. The address range is typically specified in a low-to-high range
format. An address range can be specified to grant or deny access to a single address. Addresses
that fall within the low to high IP address range meet the IP address restriction.
Directory-enabled remote management 159